Deep Neural Networks based Meta-Learning for Network Intrusion Detection
The digitization of different components of industry and inter-connectivity
among indigenous networks have increased the risk of network attacks. Designing
an intrusion detection system to ensure security of the industrial ecosystem is
difficult as network traffic encompasses various attack types, including new
and evolving ones with minor changes. The data used to construct a predictive
model for computer networks has a skewed class distribution and limited
representation of attack types, which differ from real network traffic. These
limitations result in dataset shift, negatively impacting the machine learning
models' predictive abilities and reducing the detection rate against novel
attacks. To address these challenges, we propose a novel deep neural network
based Meta-Learning framework, INformation FUsion and Stacking Ensemble
(INFUSE) for network intrusion detection. First, a hybrid feature space is
created by integrating decision and feature spaces. Five different classifiers
are utilized to generate a pool of decision spaces. The feature space is then
enriched through a deep sparse autoencoder that learns the semantic
relationships between attacks. Finally, the deep Meta-Learner acts as an
ensemble combiner to analyze the hybrid feature space and make a final
decision. Our evaluation on stringent benchmark datasets and comparison to
existing techniques showed the effectiveness of INFUSE with an F-Score of 0.91,
Accuracy of 91.6%, and Recall of 0.94 on the Test+ dataset, and an F-Score of
0.91, Accuracy of 85.6%, and Recall of 0.87 on the stringent Test-21 dataset.
These promising results indicate the strong generalization capability and the
potential to detect network attacks. Comment: Pages: 15, Figures: 10 and Tables:
Edge Learning for 6G-enabled Internet of Things: A Comprehensive Survey of Vulnerabilities, Datasets, and Defenses
The ongoing deployment of the fifth generation (5G) wireless networks
constantly reveals limitations concerning its original concept as a key driver
of Internet of Everything (IoE) applications. These 5G challenges are behind
worldwide efforts to enable future networks, such as sixth generation (6G)
networks, to efficiently support sophisticated applications ranging from
autonomous driving capabilities to the Metaverse. Edge learning is a new and
powerful approach to training models across distributed clients while
protecting the privacy of their data. This approach is expected to be embedded
within future network infrastructures, including 6G, to solve challenging
problems such as resource management and behavior prediction. This survey
article provides a holistic review of the most recent research focused on edge
learning vulnerabilities and defenses for 6G-enabled IoT. We summarize the
existing surveys on machine learning for 6G IoT security and machine
learning-associated threats in three different learning modes: centralized,
federated, and distributed. Then, we provide an overview of enabling emerging
technologies for 6G IoT intelligence. Moreover, we provide a holistic survey of
existing research on attacks against machine learning and classify threat
models into eight categories, including backdoor attacks, adversarial examples,
combined attacks, poisoning attacks, Sybil attacks, byzantine attacks,
inference attacks, and dropping attacks. In addition, we provide a
comprehensive and detailed taxonomy and a side-by-side comparison of the
state-of-the-art defense methods against edge learning vulnerabilities.
Finally, as new attacks and defense technologies are realized, new research and
future overall prospects for 6G-enabled IoT are discussed.
Advanced Threat Intelligence: Interpretation of Anomalous Behavior in Ubiquitous Kernel Processes
Targeted attacks on digital infrastructures are a rising threat against the confidentiality, integrity, and availability of both IT systems and sensitive data. With the emergence of advanced persistent threats (APTs), identifying and understanding such attacks has become an increasingly difficult task. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst.
This thesis presents a multi-stage system able to detect and classify anomalous behavior within a user session by observing and analyzing ubiquitous kernel processes. Application candidates suitable for monitoring are initially selected through an adapted sentiment mining process using a score based on the log likelihood ratio (LLR). For transparent anomaly detection within a corpus of associated events, the author utilizes star structures, a bipartite representation designed to approximate the edit distance between graphs. Templates describing nominal behavior are generated automatically and are used for the computation of both an anomaly score and a report containing all deviating events. The extracted anomalies are classified using the Random Forest (RF) and Support Vector Machine (SVM) algorithms. Ultimately, the newly labeled patterns are mapped to a dedicated APT attacker–defender model that considers objectives, actions, actors, as well as assets, thereby bridging the gap between attack indicators and detailed threat semantics. This enables both risk assessment and decision support for mitigating targeted attacks.
Results show that the prototype system is capable of identifying 99.8% of all star structure anomalies as benign or malicious. In multi-class scenarios that seek to associate each anomaly with a distinct attack pattern belonging to a particular APT stage we achieve a solid accuracy of 95.7%. Furthermore, we demonstrate that 88.3% of observed attacks could be identified by analyzing and classifying a single ubiquitous Windows process for a mere 10 seconds, thereby eliminating the necessity to monitor each and every (unknown) application running on a system.
With its semantic take on threat detection and classification, the proposed system offers a formal as well as technical solution to an information security challenge of great significance. The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology and Development is gratefully acknowledged.
Digital Twins and the Future of their Use Enabling Shift Left and Shift Right Cybersecurity Operations
Digital Twins (DTs) optimize operations and monitor performance in Smart
Critical Systems (SCS) domains like smart grids and manufacturing. DT-based
cybersecurity solutions are in their infancy, lacking a unified strategy to
overcome challenges spanning the next three to five decades. These challenges
include reliable data accessibility from Cyber-Physical Systems (CPS),
operating in unpredictable environments. Reliable data sources are pivotal for
intelligent cybersecurity operations aided with underlying modeling
capabilities across the SCS lifecycle, necessitating a DT. To address these
challenges, we propose Security Digital Twins (SDTs) collecting real-time data
from CPS, requiring the Shift Left and Shift Right (SLSR) design paradigm for
SDT to implement both design time and runtime cybersecurity operations.
Incorporating virtual CPS components (VC) in Cloud/Edge, data fusion to SDT
models is enabled with high reliability, providing threat insights and
enhancing cyber resilience. VC-enabled SDT ensures accurate data feeds for
security monitoring for both design and runtime. This design paradigm shift
propagates innovative SDT modeling and analytics for securing future critical
systems. This vision paper outlines intelligent SDT design through innovative
techniques, exploring hybrid intelligence with data-driven and rule-based
semantic SDT models. Various operational use cases are discussed for securing
smart critical systems through underlying modeling and analytics capabilities. Comment: IEEE Submitted Paper: Trust, Privacy and Security in Intelligent
Systems, and Application
Benchmarking Robustness of AI-enabled Multi-sensor Fusion Systems: Challenges and Opportunities
Multi-Sensor Fusion (MSF) based perception systems have been the foundation
in supporting many industrial applications and domains, such as self-driving
cars, robotic arms, and unmanned aerial vehicles. Over the past few years, the
fast progress in data-driven artificial intelligence (AI) has brought a
fast-increasing trend to empower MSF systems by deep learning techniques to
further improve performance, especially on intelligent systems and their
perception systems. Although quite a few AI-enabled MSF perception systems and
techniques have been proposed, up to the present, limited benchmarks that focus
on MSF perception are publicly available. Given that many intelligent systems
such as self-driving cars are operated in safety-critical contexts where
perception systems play an important role, there comes an urgent need for a
more in-depth understanding of the performance and reliability of these MSF
systems. To bridge this gap, we initiate an early step in this direction and
construct a public benchmark of AI-enabled MSF-based perception systems
including three commonly adopted tasks (i.e., object detection, object
tracking, and depth completion). Based on this, to comprehensively understand
MSF systems' robustness and reliability, we design 14 common and realistic
corruption patterns to synthesize large-scale corrupted datasets. We further
perform a systematic evaluation of these systems through our large-scale
evaluation. Our results reveal the vulnerability of the current AI-enabled MSF
perception systems, calling for researchers and practitioners to take
robustness and reliability into account when designing AI-enabled MSF. Comment: Accepted by ESEC/FSE 202
Security Enhanced Applications for Information Systems
Every day, more users access services and electronically transmit information, which is usually disseminated over insecure networks and processed by websites and databases that lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust and the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.